Post/Code

HomeAboutUsesNow

Terraform, Kubernetes and EKS Command Cheat Sheet.

Below are some useful commands when working with Terraform, KubeOne, Kubernetes and EKS:

Terraform

Note that the [default] AWS credentials are used from ~/aws/credentials:

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need to be specified as environment variables in your Terminal. Instead of manually setting these in each Terminal session, you can add these to:

~/.bashrc

Then, from the command line, run:

source ~/.bashrc

This will activate the latest vars for your Terminal.

SSH

You need an SSH key to successfully run the Terraform commands.

Take a look here for background on how to add your SSH key.

  • Start SSH agent in background:

eval "$(ssh-agent -s)"

  • Add SSH key to ssh-agent and store passphrase in keychain:

ssh-add -K ~/.ssh/id_rsa

Commands to run in order to setup KubeOne on AWS infrastructure via Terraform:

  • Check Terraform version:

terraform version

  • Check KubeOne version

kubeone version

  • Initialise Terraform from folder containing Terraform files

cd/terraform && terraform init

  • Shows what Terraform will setup for you:

terraform plan

  • Outputs a non-human readable Terraform plan:

terraform plan -out plan

  • In order to see what the plan outputs, run the following command:

terraform show -json plan

  • Terraform will create the infrastructure required:

terraform apply

  • Output Terraform config:

terraform output -json > tf.json

  • Reset k8s according to Terraform (see notes below on how to setup the k8s on the TF infrastructure):

kubeone reset ./terraform/config.yaml --tfjson ./terraform/tf.json

  • Destroy all terraform infrastructure setup by Terraform:

terraform destroy

Kubernetes, KubeOne

  • kubectl version
  • Configure k8s cluster according to Terraform (as defined above):

kubeone install config.yaml --tfjson tf.json

  • Export kubeconfig to env vars:

export KUBECONFIG=$PWD/projectname-kubeconfig

  • kubectl get secrets

  • Create env secrets:

kubectl create secret generic env-secret --from-literal=DB_USER='dbusernamehere' --from-literal=DB_PASS='dbpasshere' --from-literal=JWT_SECRET='jwtsecrethere'

  • Create AWS secrets:

kubectl create secret generic aws-secret --from-literal=aws_access_key_id='awssecretkeyhere' --from-literal=aws_secret_access_key='awssecretaccesskeyhere'

  • Delete secret:

kubectl delete secrets env-secret.yaml

  • Get k8s cluster info:

kubectl cluster-info

  • View k8s config info:

kubectl config view

  • View k8s nodes:

kubectl get nodes

  • View k8s services:

kubectl get service client -o wide

EKS (Elastic Kubernetes Service)

  • Create cluster on AWS via EKS according to config:

eksctl create cluster -f cluster.yaml

  • Create cluster by default:

eksctl create cluster --name projectname-here

  • Add CloudWatch:

eksctl utils update-cluster-logging --region=eu-west-1 --cluster=projectname-here

  • Create cluster with details:

eksctl create cluster --name=projectname-here --nodes=3 --managed --alb-ingress-access --region=${AWS_REGION}

  • Delete cluster:

eksctl delete cluster --name=name-here

k8s

In order to create your configmaps, deployments and services, run the following:

  • Create configmap:

kubectl apply -f ./path/to/k8sfiles/env-configmap.yaml

  • kubectl get configmaps
  • Create deployment:

kubectl apply -f ./path/to/k8sfiles/appname.deployment.yaml

  • kubectl get deployments
  • kubectl get pods
  • kubectl describe pods podnamehere
  • kubectl logs podname-7bdc944cdb-kn9wv
  • kubectl apply -f ./path/to/k8sfiles/appname.service.yaml
  • Change apiVersion:

kubectl convert -f ./path/to/k8sfiles/appname.deployment.yaml --output-version apps/v1

  • kubectl get services
  • kubectl get pods -o wide
  • Get container port:

kubectl get pods podname-7bdc944cdb-s7d4n --template='{{(index (index .spec.containers 0).ports 0).containerPort}}{{"\n"}}'

  • Get replica sets:

kubectl get rs

  • kubectl port-forward services/servicename 8080:8080
  • kubectl port-forward services/servicename 8100:8100
  • To run in background, then press fg to get it back into foreground:

kubectl port-forward services/servicename 8080:8080 &

  • kubectl get machinedeployments -n kube-system
  • Scale up:

kubectl scale machinedeployment/projectname-eu-west-1a -n kube-system --replicas=2

  • Scale down:

kubectl scale machinedeployment/projectname-eu-west-1a -n kube-system --replicas=0

  • kubectl delete -f ./path/to/k8sfiles/appname.service.yaml
  • kubectl delete -f ./path/to/k8sfiles/appname.deployment.yaml

Useful commands from k8s Tutorials:

  • Rolling update:

kubectl set image deployments/kubernetes-bootcamp kubernetes-bootcamp=jocatalin/kubernetes-bootcamp:v2

  • kubectl describe services/kubernetes-bootcamp
  • export NODE_PORT=$(kubectl get services/kubernetes-bootcamp -o go-template='{{(index .spec.ports 0).nodePort}}'
  • echo NODE_PORT=$NODE_PORT
  • curl $(minikube ip):$NODE_PORT
  • kubectl rollout status deployments/kubernetes-bootcamp
  • Fetch image that does not exist:

kubectl set image deployments/kubernetes-bootcamp kubernetes-bootcamp=gcr.io/google-samples/kubernetes-bootcamp:v10

  • See not all are ready:

kubectl get deployments

  • Will show new pods erroring:

kubectl get pods

  • Undo rollout:

kubectl rollout undo deployments/kubernetes-bootcamp

  • Back to normal, only running pods:

kubectl get pods

  • Expose service:

kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080

  • kubectl get services
  • kubectl describe services/kubernetes-bootcamp
  • export NODE_PORT=$(kubectl get services/kubernetes-bootcamp -o go-template='{{(index .spec.ports 0).nodePort}}')
  • echo NODE_PORT=$NODE_PORT
  • curl $(minikube ip):$NODE_PORT
  • Describe deployment, take not of the "label" field, which is run=kubernetes-bootcamp:

kubectl describe deployment

  • Get pods with that label (-l):

kubectl get pods -l run=kubernetes-bootcamp

  • Can use for services too:

kubectl get services -l run=kubernetes-bootcamp

  • Store pod name:

export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')

  • Display pod name:

echo Name of the Pod: $POD_NAME

  • Give pod a new label:

kubectl label pod $POD_NAME app=v1

  • See pod has new label:

kubectl describe pods $POD_NAME

  • Query pods with new label:

kubectl get pods -l app=v1

  • Delete service:

kubectl delete service -l run=kubernetes-bootcamp

  • See NodePort service no longer available:

kubectl get services

  • Failed to connect (since it no longer exists):

curl $(minikube ip):$NODE_PORT

  • Confirm app is still running on internal cluster:

kubectl exec -ti $POD_NAME curl localhost:8080

Further notes on k8s:

When you see values "port" and "targetPort". "port" is the port on the external IP, "targetPort" is the port on the container.

port-forward is only a means of debugging, it is not a practical means of making containers available.